Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account

ABSTRACT

A virtual payment system for paying for goods, services and content ordered over an internetwork is disclosed. The virtual payment system includes a commerce gateway. Buyers and sellers becomes registered participants by applying for virtual payment buyer and seller accounts. Once an account is established with the commerce gateway, a digital certificate is stored on the registered participant&#39;s computer. A buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account. When the product is shipped, the seller notifies the commerce gateway, which applies the charges to the buyer&#39;s virtual payment account. The buyer can settle the charges using a prepaid account, a credit account, or by using reward points earned through use of the virtual payment account. A buyer may create sub-accounts.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.11/775,473, filed Jul. 10, 2007 (now U.S. Pat. No. 9,864,989), which isa continuation of U.S. patent application Ser. No. 10/663,443, filedSep. 16, 2003 (now U.S. Pat. No. 7,249,097), which is a continuation ofU.S. patent application Ser. No. 10/338,133, filed Jan. 6, 2003, whichis a continuation of U.S. patent application Ser. No. 09/578,395, filedMay 25, 2000, which is a continuation-in-part of U.S. patent applicationSer. No. 09/370,949, filed Aug. 9, 1999, priority from the filing dateof which is hereby claimed under 35 U.S.C. § 120. U.S. patentapplication Ser. No. 09/370,949 also claims the benefit of provisionalU.S. Patent Application No. 60/140,039, filed Jun. 18, 1999, the benefitof which is hereby claimed under 35 U.S.C. § 119. All of saidapplications are expressly incorporated herein by reference.

FIELD OF THE INVENTION

This invention generally relates to a method and apparatus for orderinggoods, services and content from one or more other computers connectedvia common communications links and, more particularly, to a method andapparatus for ordering goods, services and content from computersconnected to the Internet using a virtual payment account.

BACKGROUND OF THE INVENTION

Communication networks are well known in the computer communicationsfield. By definition, a network is a group of computers and associateddevices that are connected by communications facilities or links.Network communications can be of a permanent nature, such as via cables,or can be of a temporary nature, such as connections made throughtelephone or radio links. Networks may vary in size, from a local areanetwork (LAN) consisting of a few computers or workstations and relateddevices; to a wide area network (WAN), which interconnects computers andLANs that are geographically dispersed; to a remote access service(RAS), which interconnects remote computers via temporary communicationlinks. An internetwork, in turn, is the joining of multiple computernetworks, both similar and dissimilar, by means of gateways or routersthat facilitate data transfer and conversion from various networks. Awell-known abbreviation for the term internetwork is “Internet.” Ascurrently understood, the capitalized term “Internet” refers to thecollection of networks and routers that use the Transmission ControlProtocol/Internet Protocol (TCP/IP) to communicate with one another.

A representative section of the Internet 40 is shown in FIG. 1 (PriorArt) in which a plurality of local area networks (LANs) 44 and a widearea network (WAN) 46 are interconnected by routers 42. The routers 42are generally special purpose computers used to interface one LAN or WANto another. Communication links within the LANs may be twisted wirepair, or coaxial cable, while communication links between networks mayutilize 56 Kbps analog telephone lines, or 1 Mbps digital T-1 linesand/or 45 Mbps T-3 lines. Further, computers and other relatedelectronic devices can be remotely connected to either the LANs 44 orthe WAN 46 via a modem and temporary telephone link. Such computers andelectronic devices 48 are shown in FIG. 1 as connected to one of theLANs 44 by a dotted line. It will be appreciated that the Internetcomprises a vast number of such interconnected networks, computers androuters and that only a small, representative section of the Internet 40is shown in FIG. 1.

The Internet has recently seen explosive growth by virtue of its abilityto link computers located throughout the world. As the Internet hasgrown, so has the World Wide Web (WWW). The WWW is a vast collection ofinterconnected or “hypertext” documents (also known as “Web pages”)written in HyperText Markup Language (HTML) that are electronicallystored at “Web sites” throughout the Internet. A Web site is a serverconnected to the Internet that has mass storage facilities for storinghypertext documents and that runs administrative software for handlingrequests for those stored hypertext documents. A hypertext documentnormally includes a number of hyperlinks, i.e., highlighted portions oftext that link the document to another hypertext document possiblystored at a Web site elsewhere on the Internet. Each hyperlink isassociated with a Uniform Resource Locator (URL) that provides the exactlocation of the linked document on a server connected to the Internet.Thus, whenever a hypertext document is retrieved from any Web server,the document is considered to be retrieved from the WWW.

A user is allowed to retrieve hypertext documents from the WWW, i.e., auser is allowed to “surf the Web,” via a Web browser. A Web browser,such as NETSCAPE NAVIGATOR® or MICROSOFT® Internet Explorer, is asoftware program implemented by a Web client, i.e., a user's computer,to provide a graphical user interface to the WWW. Upon request from theuser via the Web browser, the Web client accesses and retrieves thedesired hypertext document or Web page from the appropriate Web serverusing the URL for the document and a protocol known as HyperTextTransfer Protocol (HTTP). HTTP is a higher-level protocol than TCP/IPand is designed specifically for the requirements of the WWW. It is usedon top of TCP/IP to transfer hypertext documents between servers andclients.

At the advent of the WWW, the information stored on the Internet wasfreely transferred back and forth between those parties interested inthe information. However, the WWW is quickly becoming a channel ofcommercial activity, whereby a vast number of companies have developedtheir own Web sites for advertising and selling their goods andservices. Commercial activity that takes place by means of connectedcomputers is known as electronic commerce, or e-commerce, and can occurbetween a buyer and a seller through an on-line information service, theInternet, a bulletin board system (BBS), or between buyer and sellercomputers through electronic data interchange (EDI). A buyer (alsoreferred to as a user, consumer or purchaser in the context ofe-commerce) may “visit the Web site” of a company or seller, i.e.,retrieve the hypertext documents located on the Web server of aparticular seller, and order any good or service that the seller has tooffer. If that good or service is in the form of electronically storedinformation, such as a book, a video, a computer game, etc., the buyermay simply download the good or service from the company's Web site tohis or her computer for immediate consumption and use. If the good orservice is of a more tangible nature, such as an appliance or article ofclothing ordered from an on-line catalog, a more conventional method ofdelivery, e.g., the postal service or a common carrier, is used.

A common method of payment for e-commerce purchases is electroniccredit, or e-credit. E-credit is a form of electronic commerce ofteninvolving credit card transactions carried out over the Internet.Traditional e-credit purchases are paid for by a major credit card,wherein the buyer is required to transmit his or her credit information,for example, an account number and expiration date, over the Internet tothe company's Web site. Many buyers are concerned about the security andconfidentiality of such electronic transmissions. Furthermore, manybuyers do not have a major credit card with which to make suchpurchases. Alternative billing systems, such as providing creditinformation by facsimile or postal service, are much less convenient andoften prove enough of a barrier to prohibit the sale altogether.Finally, the traditional methods of billing and payment do notadequately protect the seller or buyer from fraudulent purchases.

Accordingly, a more effective method and apparatus for ordering andbilling for goods, services and content over a network, and ultimatelythe Internet, is needed. The method and apparatus should protect theseller and buyer from fraudulent purchases. Additionally, the method andapparatus should provide an element of non-repudiation to alltransactions. The method and apparatus should also prevent buyers withhistories of nonpayment from purchasing additional goods, servicesand/or content. Finally, the method and apparatus should allow a buyerwithout a major credit card to purchase goods, services and content overthe network.

SUMMARY OF THE INVENTION

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This summary is not intended to identify key features ofthe claimed subject matter, nor is it intended to be used as an aid indetermining the scope of the claimed subject matter.

The present invention provides a computer program for ordering productsfrom computers connected to the Internet, wherein the buyer isautomatically billed for the ordered good, service or content based on avirtual payment account maintained by a commerce gateway.

In accordance with other aspects of the present invention, a commercegateway interfaces with a credit processing server to handle themonetary aspects involved in purchasing goods, services and/or content.The credit processing server interfaces with one or more financialinstitutions that physically handle the buyer's account. For example, abuyer can pay for purchases electronically by transferring funds from abank account held by the buyer at a financial institution, or byprepaying for the purchases by sending a check to the provider of thecommerce gateway. Alternatively, reward points earned by using thevirtual payment account can be applied towards purchases.

In accordance with still other aspects of the present invention, thecredit processing server or commerce gateway communicates with one ormore identity bureaus in order to determine a buyer's identity beforecreating a virtual payment account.

In accordance with still other aspects of the present invention, thecredit processing server communicates with one or more credit bureaus inorder to determine a credit limit for a buyer's virtual payment account.

In accordance with yet other aspects of the present invention, a virtualpayment account can have associated sub-accounts. A sub-account can havea credit limit that is less than the main account credit limit. Asub-account can limit the seller sites from which goods, services and/orcontent can be purchased.

In accordance with further aspects of the present invention, purchasesmust be made by a registered buyer from a registered seller. Security isensured via authentication of the parties to a transaction.Authentication can be performed by verification of a digitalcertificate, or a digital signature, or by alternate authenticationmethods.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of thisinvention will become more readily appreciated as the same become betterunderstood by reference to the following detailed description, whentaken in conjunction with the accompanying drawings, wherein:

FIG. 1 (Prior Art) is a block diagram of a representative portion of theInternet;

FIG. 2 is a pictorial diagram of a local area network (LAN) connected tothe Internet which supplies goods, services and/or content ordered by abuyer using a computer located elsewhere on the Internet in accordancewith the present invention;

FIG. 3 is a block diagram of the several components of the buyer'scomputer shown in FIG. 2 that is used to order goods, services and/orcontent from the Internet in accordance with the present invention;

FIG. 4 is a block diagram of the several components of a seller servershown in FIG. 2 that provides the ordered goods, services and/or contentin accordance with the present invention;

FIG. 5 is a block diagram of the several components of a commercegateway shown in FIG. 2 that is used to interface between the Internetand a credit processing server in accordance with the present invention;

FIG. 6 is a block diagram of the several components of a creditprocessing server shown in FIG. 2 that provides for the payment of theordered goods, services and/or content in accordance with the presentinvention;

FIG. 7 is a diagram illustrating the actions taken by a buyer'scomputer, the commerce gateway, the credit processing server, anidentity bureau and a credit bureau to create a virtual payment accountfor a buyer;

FIGS. 8A-8G are exemplary Web pages displayed on a buyer's computer whenapplying for a virtual payment account in accordance with the presentinvention;

FIGS. 9A-9C are exemplary Web pages used by a buyer to customize thevirtual payment account applied for in accordance with the presentinvention;

FIGS. 10A-10C are exemplary Web pages displayed on a buyer's computercontaining account statements and reports for a buyer's virtual paymentaccount in accordance with the present invention;

FIGS. 11A-11E are exemplary Web pages used by a buyer to purchase goods,services and/or content in accordance with the present invention;

FIG. 12 is a flow diagram illustrating the logic used by the buyer'scomputer to order goods, services and/or content from the Internet usingthe Web browser;

FIG. 13 is a flow diagram illustrating the logic used by a buyerauthenticator of the buyer's computer to validate that the buyer is aregistered virtual payment account participant;

FIG. 14 is a flow diagram illustrating the logic used by an alternatebuyer authenticator of the buyer's computer to validate that the buyeris a registered virtual payment account participant;

FIG. 15 is a flow diagram illustrating the logic used by the buyer'scomputer to apply for a virtual payment account using the Web browser;

FIG. 16 is a flow diagram illustrating the logic used by an enrollmentserver of the commerce gateway shown in FIG. 5 to establish a new buyeraccount in accordance with the present invention;

FIG. 17 a flow diagram illustrating the logic used by an accountidentification container generator of the commerce gateway shown in FIG.5 to generate an account identification for a given transaction;

FIG. 18 is a flow diagram illustrating the logic used by a commerceengine of a seller computer shown in FIG. 4 to provide for the ordering,shipment and payment of goods, services and/or content over theInternet;

FIG. 19 is a flow diagram illustrating the logic used by a commercegateway adapter of the seller server shown in FIG. 4 to allow a commerceengine to communicate with a transaction server on the commerce gateway;

FIG. 20 is a flow diagram illustrating the logic used by the transactionserver of the commerce gateway shown in FIG. 5 to process an order forgoods, services and/or content over the Internet using a virtual paymentaccount;

FIGS. 21 and 22 are flow diagrams illustrating the logic used by varioussub-systems of the credit processing server shown in FIG. 6 to providefor payment of goods, services and/or content ordered over the Internetusing a virtual payment account;

FIG. 23 is a diagram illustrating the actions taken by the buyer'scomputer, the seller server and the commerce gateway to order goods,services and/or content using the virtual payment account;

FIG. 24 is a flow diagram illustrating the logic used by the seller'scomputer to perform a settlement transaction, i.e., initiate transfer offunds;

FIG. 25 is a flow diagram illustrating the logic used by the transactionserver of the commerce gateway shown in FIG. 5 to process a settlementtransaction;

FIG. 26 is a flow diagram illustrating the logic used by theadministrator's computer to initiate a refund to be applied to a virtualpayment account in accordance with the present invention;

FIG. 27 is a flow diagram illustrating the logic used by a commercegateway to process a request for information from an identity bureau;

FIG. 28 is an exemplary window of an e-mail computer program containingan alternate authentication message;

FIG. 29 is an exemplary device showing an alternate authenticationmessage;

FIG. 30 is an exemplary Web page showing an alternate authenticationdialog;

FIGS. 31-41 are exemplary Web pages used by a seller to viewtransactions, status of payments and reports;

FIG. 42 is a flow diagram illustrating the logic used to authenticate aseller and generate a report for seller.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

As previously described and shown in FIG. 1, the Internet 40 is acollection of local area networks (LANs) 44, wide area networks (WANs)46, remote computers 48 and routers 42 that use the Transmission ControlProtocol/Internet Protocol (TCP/IP) to communicate with each other. TheWorld Wide Web (WWW), on the other hand, is a vast collection ofinterconnected, electronically stored information located on serversconnected throughout the Internet 40. Many companies are now sellinggoods, services and access to their premium content over the Internetusing the WWW. In accordance with the present invention, a buyer ordersgoods, services and/or content (referred to interchangeably herein as“products”) over the Internet 40 via a Web browser and is automaticallybilled for the purchase using his or her virtual payment account withouttransferring sensitive account information, such as account number andexpiration date, over the Internet 40. The virtual payment accountallows a buyer to settle transactions of the virtual payment accountusing a prepaid or credit account. In one actual embodiment of thepresent invention, the virtual payment account uses bank electronicfunds transfers, for example, using the Automated Clearing House (ACH)standard, which is maintained by the National Automated Clearing HouseAssociation (NACHA)—the standards group promoting electronic commercestandards. In another embodiment, the virtual payment account can befunded using a traditional paper check, with the buyer mailing a check,e.g., via the postal service, to the providers of the virtual paymentaccount system. Alternatively, funds transfer services and electronicbill payment services, such as CHECKFREE®, may be used. Reward pointsearned through use of the virtual payment account can also be applied tothe buyer's virtual payment account to pay for products.

More specifically, as shown in FIG. 2, the buyer purchases goods,services, and/or premium content from a seller server 51, i.e., acomputer owned by the seller that sponsors or sells the product, byplacing an order with the seller server from a computer 50 connected tothe Internet 40. The order is processed and confirmed by a commercegateway 52 connected to a LAN 44 located elsewhere in the Internet 40.The commerce gateway 52 is also connected to a credit processing server53 via the LAN 44. The credit processing server 53 communicates with oneor more identity bureaus 56 to verify the identity of the buyer. Afterverifying the identity of the buyer the credit processing server 53communicates with one or more credit bureaus 58 in order to determinethe credit worthiness of a buyer.

In one actual embodiment of the present invention described herein, theidentity bureau 56 is a server provided and maintained by an agency forverifying the identity of the buyer and the credit bureau 58 is a serverprovided and administrated by a credit agency for processing creditreports for buyers. The identity bureau 56 and credit bureau 58 can belocated on the LAN 44 or elsewhere on the Internet 40.

In yet another embodiment, the credit processing server can establish apoint-to-point connection with a remote identity bureau or credit bureauthat is not connected to either the LAN 44 nor the Internet 40. It willbe appreciated that other methods of communication between the creditprocessing server 53 and identity bureau 56 or credit bureau 58 may beused, for example, a secure Virtual Private Network (VPN) maintained andoperated by the identity bureau or credit bureau exclusively for thepurpose of identity checking or credit rating, respectively.

Finally, in yet other embodiments, the identity and credit bureaus maynot actually offer a server at all. Rather, a customer servicerepresentative for the identity or credit bureaus may process theidentity or credit report and manually provide the report to anadministrator of the present invention who manually enters the report tothe credit processing server 53.

The credit processing server 53 also communicates with one or morefinancial institutions 59 for the purpose of obtaining the buyer'spayment, i.e., a transfer of funds for the purchase of products. As isthe case with the identity and credit bureaus 58, the financialinstitutions 59 may be other servers in electronic communication withthe credit processing server 53, customer service representatives inmore traditional communication with the credit processing server 53, orsome combination thereof.

Finally, in addition to the commerce gateway 52, the LAN 44 includes anadministrative computer 54 used to administer buyer and sellerinformation and services provided by the commerce gateway 52 and creditprocessing server 53.

In the exemplary embodiment of the present invention shown in FIG. 2,the LAN 44 is insulated from the Internet 40 by a firewall 55 thattracks and controls the flow of all data passing through it. Thefirewall 55 protects the LAN 44 from malicious in-bound data traffic.The LAN 44 is a bus network interconnecting the various computers andservers. The LAN 44 shown in FIG. 2 can be formed of various couplingmedia such as glass or plastic fiberoptics cables, coaxial cables,twisted wire pair cables, ribbon cables, etc. In addition, one ofordinary skill in the art will appreciate that the coupling medium canalso include a radio frequency coupling media or other intangiblecoupling media. Any computer system or number of computer systems,including but not limited to workstations, personal computers, laptopcomputers, personal data assistants, servers, remote computers, etc.,that is equipped with the necessary interface hardware may be connectedtemporarily or permanently to the LAN 44, and thus, the Internet 40.However, if temporarily connected via a telephone link to another deviceconnected to the LAN 44, the interface hardware of both the remotecomputer 48 and the device to which it is connected must contain amodem.

Also shown in FIG. 2 is an exemplary authentication device 205 whosepurpose will be described in more detail below. In one embodiment of thecurrent invention, the authentication device may be a personal dataassistant (PDA) with a wireless modem. However, those of ordinary skillin the art will appreciate that the authentication device may be alaptop computer, a cellular telephone, a pager or any device capable ofreceiving a remote message.

Finally, those of ordinary skill in the art will recognize that whileonly one buyer computer 50, and one seller server 51 are depicted inFIG. 2, numerous buyer computers and seller servers equipped with thehardware and software components described below may be connected to theInternet 40. It will also be appreciated that the term “buyer” usedherein can be applied to any purchaser of goods and/or services and canbe applied equally to an individual, non-commercial purchaser, abusiness or a commercial purchaser. In other words, the term “buyer” canapply to any purchaser and the term “seller” can apply to any vendor ormerchant, be they on individual, non-commercial seller, a business or acommercial seller.

Relevant Buyer Computer, Seller Server, Commerce Gateway, and CreditProcessing Server Components

FIG. 3 depicts several of the important components of the buyer'scomputer 50. Those of ordinary skill in the art will appreciate that thebuyer's computer 50 could be any computer used by the buyer to utilizethe buyer's virtual payment account. Additionally, those of ordinaryskill in the art will appreciate that the buyer's computer 50 mayinclude many more components then those shown in FIG. 3. However, it isnot necessary that all of these generally conventional components beshown in order to disclose an illustrative embodiment for practicing thepresent invention. As shown in FIG. 3, the buyer's computer includes anetwork interface 60 for connecting to a LAN 44 or WAN 46, or forconnecting remotely to a LAN or WAN. Those of ordinary skill in the artwill appreciate that the network interface 60 includes the necessarycircuitry for such a connection, and is also constructed for use withthe TCP/IP protocol, the particular network configuration of the LAN orWAN it is connecting to, and a particular type of coupling medium.

The buyer's computer 50 also includes a processing unit 61, a display 62and a memory 63. The memory 63 generally comprises a random accessmemory (RAM), a read-only memory (ROM) and a permanent mass storagedevice, such as a disk drive. The memory 63 stores the program code anddata necessary for ordering and paying for a product over the Internet40 in accordance with the present invention. More specifically, thememory 63 stores a Web browser component 64, such as NETSCAPE NAVIGATOR®or MICROSOFT® Internet Explorer, and a buyer authenticator component 65formed in accordance with the present invention for authenticating abuyer as a registered participant of the virtual payment system prior toperforming any virtual payment account transactions. It will beappreciated that these components may be stored on a computer-readablemedium and loaded into memory 63 of the buyer computer 50 using a drivemechanism associated with the computer-readable medium, such as a floppyor DVD/CD-ROM drive.

As will be described in more detail below, the products ordered by thebuyer are supplied by a seller server 51, described next, followingauthorization from a remote server, i.e., a commerce gateway 52described later, located elsewhere on the Internet, e.g., on LAN 44illustrated in FIG. 2. FIG. 4 depicts several of the importantcomponents of the seller server 51. Those of ordinary skill in the artwill appreciate that the seller server 51 includes many more componentsthan those shown in FIG. 4. However, it is not necessary that all ofthese generally conventional components be shown in order to disclose anillustrative embodiment of practicing the present invention. As shown inFIG. 4, the seller server 51 includes a network interface 70 forconnecting to a LAN 44 or WAN 46, or for connecting remotely to a LAN orWAN. Those of ordinary skill in the art will appreciate that the networkinterface 70 includes the necessary circuitry for such a connection, andis also constructed for use with the TCP/IP protocol, the particularnetwork configuration of the LAN or WAN it is connecting to, and aparticular type of coupling medium.

The seller server 51 also includes a processing unit 71, a display 72and a memory 73. The memory 73 generally comprises a random accessmemory (RAM), read-only memory (ROM), and a permanent mass storagedevice, such as a hard disk drive, tape drive, optical drive, floppydisk drive, or combination thereof. In one actual embodiment of thepresent invention, the memory contains a product database 74 thatincludes the electronically stored good or service ordered by the buyer.In other embodiments of the present invention, the product database 74stores the premium content ordered by the buyer, i.e., the hypertextdocuments or other electronically stored information considered ofmonetary value by the seller. In yet other embodiments of the presentinvention, the goods may be tangible goods not capable of beingelectronically stored, in which case the product database includesdescriptive information of the products.

The memory 73 also contains a commerce engine component 75 forpurchasing a product from a seller Web site. The commerce enginecomponent 75 may be an existing commerce engine, such as MICROSOFT® SiteServer, which allows for the payment of products ordered over theInternet using a major credit card, e.g., VISA® or MASTERCARD®. Acommerce gateway adapter component 76 is also provided to allow thecommerce engine component 75 to interface with the commerce gateway 52.The commerce gateway adapter component uses and provides applicationprogramming interface (API) calls to interface with the commerce engine75. Also included in memory is a seller authenticator component 77 forverifying that the seller is an authorized or registered seller of thevirtual payment system of the present invention. It will be appreciatedthat the product database 74, the commerce engine component 75, thecommerce gateway adapter component 76 and the seller authenticatorcomponent 77 may be stored on a computer-readable medium and loaded intomemory 73 of the seller server 51 using a drive mechanism associatedwith the computer-readable medium, such as a floppy or CD-ROM drive.Finally, memory 73 stores a Web server component 78 for handlingrequests for stored information received via the Internet and the WWW.

FIG. 5 depicts several of the important components of the commercegateway 52. Those of ordinary skill in the art will appreciate that thecommerce gateway 52 includes many more components than those shown inFIG. 5. However, it is not necessary that all of these generallyconventional components be shown in order to disclose an illustrativeembodiment for practicing the present invention. As shown in FIG. 5, thecommerce gateway 52 is connected to the LAN 44 via a network interface80. Those of ordinary skill in the art will appreciate that the networkinterface 80 includes the necessary circuitry for connecting thecommerce gateway 52 to the LAN 44 and the firewall 55, and isconstructed for use with the TCP/IP protocol, the particular networkconfiguration of the LAN 44, and the particular type of coupling medium.

The commerce gateway 52 also includes a processing unit 81, a display 82and a memory 83. The memory 83 generally comprises a random accessmemory (RAM), a read-only memory (ROM), and a permanent mass storagedevice, such as a hard disk drive, tape drive, optical drive, floppydisk drive, or combination thereof. The memory 83 stores the programcode and data necessary for authorizing a seller server 51 to supplyproducts to buyers and obtaining payment for the products via a creditprocessing server 53 in accordance with the present invention. Morespecifically, the memory 83 stores a transaction server component 84formed in accordance with the present invention for authorizing a sellerto supply the ordered product and obtaining payment for the orderedproduct from the credit processing server 53. Memory 83 also contains anidentity bureau adapter 79 formed in accordance with the presentinvention for verifying a buyer or seller's identity. Also stored inmemory 83 is an enrollment server component 89 formed in accordance withthe present invention for determining the credit worthiness of anapplicant. An account identification container generator component 88 isalso stored in memory 83 for determining an internal accountidentification. A report server 85 is also stored in memory 83 forprocessing request for reports and consolidating information forrequested reports. Also stored in the memory 83 is a credit processingserver adapter component 86 for communicating with a credit processingserver 53 described below. It will be appreciated that the transactionserver component 84, the credit processing server adapter component 86,the account identification container generator component 88, and theenrollment server component 89 may be stored on a computer-readablemedium and loaded into memory 83 of the commerce gateway 52 using adrive mechanism associated with the computer-readable medium, such asfloppy or CD-ROM drive. The memory 83 also stores a Web server component87 for handling requests for stored information received via theInternet 40 and the WWW.

FIG. 6 depicts several of the important components of the creditprocessing server 53. Those of ordinary skill in the art will appreciatethat the credit processing server 53 includes many more components thanthose shown in FIG. 6. However, it is not necessary that all of thesegenerally conventional components be shown in order to disclose anillustrative embodiment for practicing the present invention. As shownin FIG. 6, the credit processing server 53 is connected to the LAN 44via a network interface 90. Those of ordinary skill in the art willappreciate that the network interface 90 includes the necessarycircuitry for connecting the credit processing server 53 to the LAN 44and the firewall 55, and is constructed for use with the TCP/IPprotocol, the particular network configuration of the LAN 44, and theparticular type of coupling medium.

The credit processing server 53 also includes a processing unit 91, adisplay 92 and a memory 93. The memory 93 generally comprises a randomaccess memory (RAM), a read-only memory (ROM), and a permanent massstorage device, such as a hard disk drive, tape drive, optical drive,floppy disk drive, or combination thereof. The memory 93 stores theprogram code and data necessary for authorizing and securing payment forproducts purchased using a virtual payment account in accordance withthe present invention. More specifically, the memory 93 of the creditprocessing server stores credit processing sub-systems including: anaccount/billing sub-system 94 for billing a buyer for products purchasedusing a virtual payment account; a payment processing sub-system 95 forcommunicating with a financial institution 59 in order to processpayments received for purchases made using a virtual payment account;and an account enrollment sub-system 96 for determining the credit limitfor an applicant as determined by information received from one or morecredit bureaus 58.

Also stored in memory 93 are an account database 97 and a financialdatabase 98 used to store data required for the account/billingsub-system 94, the payment processing sub-system 95, identity bureauadapter 99 and the account enrollment sub-system 96 to perform theirrequired functions. It will be appreciated that the account/billingsub-system 94, the payment processing sub-system 95, the accountenrollment sub-system 96, the account database 97, identity bureauadapter 99 and the financial database 98 may be stored on acomputer-readable medium and loaded into memory 93 of the creditprocessing system using a drive mechanism associated with thecomputer-readable medium, such as floppy or DVD/CD-ROM drive. It willalso be appreciated that the account/billing sub-system 94, the paymentprocessing sub-system 95, and the account enrollment sub-system 96 cancomprise, either in full or in part, existing, traditional credit cardpayment systems.

FIGS. 3-6 depict important components of the buyer computer 50, sellerserver 51, commerce gateway 52 and credit processing server 53 shown inFIG. 2 of one embodiment of the present invention. It will beappreciated that many other implementations and variations are possible.For example, one or more of the credit processing sub-systems 94, 95, 96could be included in the commerce gateway 52 instead of in the creditprocessing server 53. Alternatively, each of the credit processingsub-systems 94, 95, 96 of the credit processing server could be in aseparate server. Further, additional commerce gateways 52 and creditprocessing servers 53 may be located on the LAN 44 or elsewhere on theInternet 40.

Applying for a Virtual Payment Account

Once a VPA is set up, the virtual payment system of the presentinvention is a closed system that provides buyers a secure method forpurchasing products over the Internet. The closed system includes only aregistered buyer's computer 50, a registered seller server 51, thecommerce gateway 52 (administered by the provider of the virtual paymentsystem) and the credit processing server 53 (which can also beadministered by the provider of the virtual payment system). Since theaccount information necessary for charging the buyer for the purchase isalready in the possession of the commerce gateway 52 and the creditprocessing server 53, the closed system of the present invention allowsregistered buyers to purchase products from registered sellers withouttransferring sensitive account information to the sellers over theInternet. In order to become a member of the virtual payment system ofthe present invention, a buyer becomes a registered user by obtaining avirtual payment account. FIG. 7 illustrates the actions taken by thebuyer's computer 50, the commerce gateway 52, the credit processingsystem 53, and the credit bureau 58 to create a virtual payment accountfor a buyer. The interactions of the various components are illustratedand described in detail later for various transactions performed by thepresent invention with reference to the diagrams shown in FIGS. 12, 27and 42. As shown in FIG. 7, the process of applying for a virtualpayment account is initiated when a buyer requests 100 an applicationform via the Internet using the Web browser 64 installed on the buyer'scomputer 50. The buyer may apply for a virtual payment account directlyfrom a virtual payment account Web site located at the commerce gateway52 or indirectly from a registered seller site located at the sellerserver 51. Once the request 100 for the application form is received bythe commerce gateway 52, the commerce gateway 52 provides buyer computer50 the application form 102 so that the buyer can complete the formdisplayed in the Web browser 64 of the buyer computer 50.

Upon completion of the application form, the buyer computer 50 submitsthe completed application form 104 to the commerce gateway 52. Thecommerce gateway 52 then submits the application data 106 from thecompleted form to the credit processing server 53 for account and creditlimit authorization. The credit processing server 53 verifies theapplication data by requesting identity information 116 from an identitybureau 56. The identity bureau provides the requested identityinformation 118 and if the provided identity information corresponds tothe application data then the credit processing server 53 requestscredit information 108 about the buyer from a credit bureau 58. However,in one actual embodiment of the present invention, if the applicationdata does not conform to the identity information from the identitybureau 56, then no virtual payment account is created and theapplication is forwarded to customer service for review for possiblefraud detection. As noted above, in the actual embodiment of the presentinvention, the identity bureau 56 is a server provided and maintained bya agency for verifying identity and the credit bureau 58 is a serverprovided and administrated by a credit agency for processing creditreports. Hence, the credit processing server 53 requests the desiredidentity and credit information electronically, e.g., via appropriatedatabase queries, etc., from the identity bureau 56 and credit bureau58.

Returning to the illustrated embodiment, the credit bureau 58 providesthe requested credit information 110 to the credit processing server 53via the connection with the credit processing server 53. The creditprocessing server 53 then evaluates the application, identity and creditinformation by combining the identity information from the identitybureau and the credit information received from the credit bureau 58with application data in order to determine a credit score 111. If thescore exceeds a certain threshold, a credit limit is set and the virtualpayment account is created 112. If the score falls below the threshold,a virtual payment account may still be created 112, however, allpurchases must be prepaid, and the account information is forwarded to acustomer service representative for review for a possible later grant ofcredit.

Once the virtual payment account is created, the credit processingserver 53 returns the result of the evaluation 113, e.g.,approval/denial, prepaid account only, credit limit, etc., to thecommerce gateway 52. The commerce gateway then requests 120 that thebuyer authenticator 65 on the buyer computer generate a public keyencryption key pair 122 comprising a secret key and a public key. Thebuyer authenticator 65 then submits the public key to the commercegateway 124. The commerce gateway 52 digitally signs the public key togenerate a digital certificate 126. As will be appreciated by those ofordinary skill in the art, a digital certificate comprises a public keydigitally signed by a trustworthy entity. The commerce gateway 52 sendsthe digital certificate and an application result page 114 to the buyercomputer 50 for display via the buyer computer's Web browser 64.Finally, the buyer computer stores the digital certificate 128 for uselater with the virtual payment account.

It will be appreciated that the digital certificate may be stored in thememory 63 of the buyer computer 50, or on some form of device capable ofinterfacing with the buyer computer such as but not limited to a securetoken, smart card or as an encrypted file on some other computerreadable medium. It will be appreciated by those of ordinary skill inthe art that the order of the operations in FIG. 7 may be alteredwithout substantially affecting the operation of the present invention.For example, the buyer may be notified of the application results beforegenerating the public key encryption pairs.

FIGS. 8A-8G are exemplary Web pages provided to the buyer by the Webbrowser 64 of the buyer computer 50 in connection with applying for avirtual payment account as described above. Using the Web page 600 shownin FIG. 8A, the buyer selects the type of virtual payment account theydesire to apply for, e.g., credit or prepaid, and submits theinformation by clicking “continue.” Next, the Web pages 605, 610 and 615shown in FIGS. 8B-8D for the application form are displayed to the buyervia the Web browser 64. In one actual embodiment of the presentinvention, the buyer fills out the application form with the appropriateapplication data on-line. Alternatively, the buyer can request theapplication on a printed form and submit the printed form via facsimileor regular mail, in which case a customer service representative willenter the information into the account database 97 of the creditprocessing server 53 via the administrative user computer 54. Theapplication data includes information such as social security number andincome that will be used to determine a credit limit for the buyer.Information entered by the buyer in the application form is also usedfor demographic purposes. For example, banner advertisements can bedisplayed via the Web browser 64 on the buyer computer 50 and can betargeted to the buyer based on demographic information, such as thebuyer's age and geographic location.

After the buyer completes the application form contained in the Webpages, 605, 610 and 615 shown in FIGS. 8B-8D and the application isprocessed by the credit processing server 53, a Web page 620 as shown inFIG. 8E is transferred to and displayed by the buyer computer's Webbrowser 64, which notifies the buyer of the results of the applicationprocess, i.e., account approval and details of his or her virtualpayment account, including the account credit limit. Once the accountapproval is complete and the account accepted by the buyer, the commercegateway 52 then transmits the buyer authenticator component 65 (which,as described above, generates a public key encryption key pair) to thebuyers computer for installation as shown in FIG. 8F. FIG. 8G shows anexemplary Web page 630 that allows the buyer to activate their virtualpayment account.

Customizing and Modifying a Virtual Payment Account

Once a virtual payment account has been approved and a credit limit setas described above, the account can be customized by the buyer. Accountinformation is then stored in the account database 97 of the creditprocessing server 53. FIGS. 9A-9C illustrate an exemplary set of Webpages downloaded from the commerce gateway 52 and displayed by the Webbrowser 64 of the buyer's computer 50 for customizing the buyer'svirtual payment account. FIGS. 9A-9B illustrate Web pages 640 and 645for main account customization. As shown in FIG. 9A, the buyer maycustomize his or her virtual payment account contact information andpreferences. FIG. 9B illustrates that the main account holder is able toconfigure access controls for their account and all sub-accounts asshown in Web page 645.

As shown in FIG. 9C, the buyer may also customize sub-accounts for hisor her own use, or for use by a business partner, spouse and/orchildren. As will be described in more detail below, the buyer may thenimpose his or her own spending limits on the sub-accounts. In one actualembodiment, reward points accrue in the main account so that the buyercan transfer the reward points to sub-accounts. It will be appreciatedthat in other embodiments, reward points could accrue to individualsub-accounts, if the buyer so desires. Reward or reward points can laterbe used, for example, to make a payment for a purchase, to receiveseller discounts, to purchase frequent flyer miles, etc. It will beappreciated by those of ordinary skill in the art that reward points canbe earned by the buyer and applied to his or her virtual payment accountin a myriad of different ways.

It will also be appreciated that a similar process is performed for aseller to become an authorized or registered seller. In one embodiment,a seller can apply to become a participant by completing an applicationform on-line. In another embodiment, a seller applies to become aparticipant of the system using a more traditional manual applicationprocedure. In yet another embodiment, some combination of an on-line andmanual process is used. It will be appreciated that if the sellerapplication process is performed in whole or in part on-line, a Webbrowser component (not shown in FIG. 4) is used to display Web pages onthe seller's computer display 72. The seller forms a contract with theprovider of the commerce gateway 52. In one exemplary embodiment, thiscontract includes terms such as the billing period and the fee that willbe paid to the commerce gateway provider. Since a seller is selling aproduct to a buyer who has a virtual payment account, the seller willnot have sub-accounts in the same sense that a buyer has sub-accounts.However, a seller selling different types of data can have differentaccounts. For example, a book store may have a general account and oneor more restricted accounts, for example, the restricted accounts mayprohibit sales of adult products to minors. This can be in the form of arating system (e.g., G, PG, PG13, NC17, R, etc.). In a similar manner tothe buyer application process, once a seller has been approved and theseller account customized, a digital certificate is installed on theseller's computer 51 to identify the seller as a registered seller inthe virtual payment system. The digital certificate is used incombination with a secret key generated by the seller server 51 and apublic key generated by the seller server and sent to the gateway 52 toencrypt/decrypt messages for greater security.

It will be appreciated, as described earlier, that a seller can applyfor a “buyer” account. In other words, a seller can purchase products asthe owner of a virtual payment account.

Digital Security

The illustrated embodiment also allows a buyer to create a custompackage of sub-accounts. As will be readily recognized by those ofordinary skill in the art, the buyer may be provided with any number,type or combination of sub-accounts depending on the desires of thoseproviding and administrating the virtual payment system of the presentinvention.

The buyer can add sub-accounts (e.g., supplemental users, youngshoppers, etc.) via the Web pages 650 shown in FIG. 9C. Sub-accounts canbe customized for young shoppers as shown in FIG. 9C, for example, bysetting spending limits for the young shopper and identifying only thoseseller Web sites from which the young shopper can purchase products.

As will be described in more detail below, once the virtual paymentaccount has been authorized 114 and customized, a digital certificate istransferred by the commerce gateway 52 and installed 128 on the buyercomputer 50. The digital certificate is then used in subsequenttransactions as a unique credential to identify the buyer as aregistered holder of a virtual payment account. In an actual embodimentof the present invention, a buyer or seller is identified as aregistered user of the virtual payment system by the commerce gateway 52verifying the commerce gateway's digital signature on the digitalcertificate associated with the buyer's virtual payment account.

It will be appreciated that several levels of security can be imposed onon-line transactions. Moving from the lowest level to the highest level,there can be: (1) no security restrictions imposed; (2) minimalsecurity, such as account name and password verification; (3)intermediate security, such as a digital certificate or secret key; (4)high security, such as a transaction signed with a digital signatureusing the buyer's secret key; or (5) maximum security, such as a digitalsignature and additional access controls, such as an account number, alast purchase verification, smart cards, secure tokens or somecombination thereof. As will be described later, in the actualembodiment of the virtual payment system described herein, the term“digital certificate” is used to describe the authorization used;however, it will be appreciated that a higher level of security such asa digital signature, or a digital signature with additional accesscontrols may be desired in order to ensure the highest level of securityfor all parties involved (i.e., the buyer, the seller, the commercegateway, and the credit processing server) in virtual payment accounttransactions.

In one exemplary embodiment of the security transaction, the sellerserver 51 digitally signs a purchase offer with a certificate issued bythe commerce gateway 52 and sends it to the buyer computer 50; the buyercomputer 50 digitally signs the purchase offer with a certificate issuedby the commerce gateway 52 and sends it back to the seller server 51;the seller server 51 then forwards the doubly signed purchase offer tothe commerce gateway 52; the commerce gateway 52 verifies bothsignatures and if they are both valid and the transaction is permissiblethen signs the doubly signed offer and returns the resulting triplysigned purchase offer to the seller server 51; the seller serververifies the commerce gateway's 52 signature, and if it is valid, thenthe purchase transaction is complete. In the aforementioned example, theseller server 51 may notify the buyer computer 50 or they may not.

Ordering Products

Once a buyer has created and customized his or her virtual paymentaccount, he or she can immediately order products via the Internet if heor she was granted credit during the account application process. If,however, the buyer's virtual payment account is only a prepaid account,prepayment must be made before the buyer can order products. In analternate embodiment, the buyer with only a prepaid account can orderproducts, however, shipment of the product will be held until theprepaid account is sufficiently funded to cover the purchase. Morespecifically, this would allow any registered buyer to have a form of“digital layaway” and by ordering products directly from the Web site ofany registered seller. It will be appreciated that in yet anotherembodiment, buyer and seller will use the same type of virtual paymentaccounts and that any buyer can therefore act as a seller and viceversa. Additionally, it will be appreciated that a seller can be anauction Web site, in which a buyer uses his or her virtual paymentaccount to pay for the goods, services and/or content purchased from theauction Web site.

In one actual embodiment of the present invention depicted in FIGS.11A-11C, the buyer may “surf the Web” and visit a registered seller'sWeb site, such as “Virtual Store,” 1100 using the Web browser 64. Oncethe buyer visits a registered seller's Web site, the buyer may order andpay for products offered from that Web site using his or her virtualpayment account. More specifically, a buyer using buyer computer 50 andWeb browser 64 may retrieve the Web page 1100 shown in FIG. 11A from theseller Web site fictitiously known as “Virtual Store.” The buyer makes aselection of a particular product 1105 by manipulating a graphics cursorwith a pointing device, such as a mouse above the selection 1110 and“single-clicking.” It will be appreciated that other pages, for example,a query page in which the buyer requests products by a keyword, may bedisplayed. It will also be appreciated that the Web page 1100 shown inFIG. 11A is a simplified example. It is common for a seller site toallow a buyer to select multiple products and place them in a “shoppingcart.” The buyer can then view the items in the cart and, if desired,remove items from the cart. Once the buyer has selected the desireditems for purchase, the buyer indicates a desire to purchase theselected items, for example, by clicking an “OK” or a “Buy” button. Inthe simplified example shown in FIG. 11A, the buyer selects an item,such as the Virtual Store Personal Computer 1105 and presses the “Order”button 1110 to initiate the purchase transaction.

After initiating the purchase transaction, the seller server 51 providesthe Web browser 64 of the buyer's computer 50 with the Web page 1150shown in FIG. 11B, which requests shipping information 1160, such as astreet address, from the buyer. Additionally the Web Page 1150 includesvarious payment options, i.e., major credit cards, such as VISA® orMASTERCARD®, with electronic transmission of credit information. Inaccordance with the present invention, a virtual payment account optionis also displayed as a payment option for registered sellers. Afterentering the shipping and payment information 1160 and selecting thevirtual payment option 1155, the buyer can continue by clicking on the“Purchase” option 1165. In an actual embodiment of the present inventionthe buyer authenticator 65 displays a window 1170 requesting the buyerto select their choice of accounts 1172, along with an authenticatingpass phrase 1175. After selecting an account and entering the correctpass phrase, the buyer clicks “Continue” 1177 to proceed with thepurchase. In response, the seller server 51 calculates the total cost ofthe order, including tax and shipping and handling, and the buyer ispresented with a confirmation screen 1180 as shown in FIG. 11C. Afterauthorizing the purchase, the buyer may be presented with a paymentconfirmation screen 1185 as shown in FIG. 11D. Additionally, the buyermay be presented with an order confirmation screen 1190 as shown in FIG.11E.

FIG. 12 illustrates the logic implemented by the Web browser 64installed on the buyer computer 50 when the virtual payment accountoption 1155 is selected. The logic begins in a block 220 and proceeds toa block 222 where a secure connection between the buyer computer 50 andcommerce gateway 52 is established. In an actual embodiment of thepresent invention, the Secure Socket Layer (SSL) protocol is used forestablishing a secure connection. SSL uses public key encryptionincorporated into a Web browser, such as NETSCAPE NAVIGATOR® Web browserand Netscape's commerce servers, to secure the information beingtransferred over the Internet. The logic then proceeds to a block 224where a buyer authenticator component 65 on the buyer computer 50 isexecuted. It will be appreciated that the buyer authenticator component65 can also be included, in part or in whole, in the Web browser 64. Thebuyer authenticator component 65 is shown in more detail in FIG. 13 anddescribed next.

The buyer authenticator 65 determines whether a buyer is a registeredholder of a virtual payment account or, put another way, a registeredparticipant in the closed virtual payment system of the presentinvention. The logic of FIG. 13 begins in a block 243 and proceeds to ablock 244 where an authentication request and container are receivedfrom the Web browser 64. The container includes: transactioninformation, such as purchase detail; identification of the parties,such as a buyer identification that identifies the buyer, e.g., thedigital certificate previously issued to the buyer when he or shecreated the virtual payment account as described above; and a selleridentification, e.g., the digital certificate issued to the seller uponcreation of a seller account; and context, such as transaction date andtime. It will be appreciated that the container is initially empty, anddata is then added to the container by various components. As statedearlier, embodiments of the invention implement the buyer authenticator65 in the Web browser 64. In one actual embodiment, the buyerauthenticator 65 is an applet operating from within the Web browser 64.

Next, in decision block 246, a test is made to determine if a digitalcertificate is installed on the buyer computer 50. The digitalcertificate may be stored in the buyer computer 50 memory 63 or one someother device associated with the buyer computer such as a secure token,a smart card or encrypted on some computer readable medium. It will beappreciated that other methods of digital identification can be used. Ifthe digital certificate is installed, the digital certificateidentification is inserted into the authentication container and theauthentication request and container are returned to the Web browser inblocks 248 and 250. The container can be any one of a variety of dataformats, for example, one embodiment of the present invention aproprietary protocol is used. In an actual embodiment of a presentinvention, a public key generated by the buyer's computer and signed bythe commerce gateway (thereby forming a digital certificate) is alsoinserted into the container. The secret key is never transmittedanywhere in the virtual payment system of the present invention. Thecombination of the secret key and the digital certificate provides aheightened level of security to the buyer authentication process. Adigital signature is generally a document that has been encrypted by thesecret key of a public key pair. Only the public key of the same keypair will be able to decrypt the document to its original form. This isparticularly useful in demonstrating that only the holder of the secretkey is able to sign (encrypt) the document. In practical terms, signinga large document using public key cryptography can be very timeconsuming. Almost equally effective is creating a cryptographic messagedigest of the document and then encrypting the digest with the secretkey. Therefore those of ordinary skill in the art will appreciate thatanyone knowing the corresponding public key and the digest algorithmwill be able to verify that the message was not altered and that itoriginated from the holder of the corresponding secret key. It will beappreciated that the digital certificate as used herein refers to anauthentication identifier that is recognized by the provider of thevirtual payment account that adheres to the provider's non-repudiationpurchase policies.

If, however, in decision block 246 it is determined that a digitalcertificate is not installed on the buyer computer 50, the logicproceeds to a decision block 252 where a test is made to determine if“certificate not present” processing should be performed. Certificatenot present processing allows a buyer to manually enter identificationinformation when a digital certificate is not present. Theidentification information can include information such as an e-mailaddress, a password and personal information, for example, a mortgagepayment amount. If the result of decision block 252 is positive, thelogic proceeds to an alternate authentication in block 254. Thealternate authentication is shown in more detail in FIG. 14 anddescribed next.

The logic of FIG. 14 begins at a block 1401 and proceeds to block 1405where the authorization options are displayed to the buyer. Next, it isdetermined in a block 1410 if the buyer requested an authorization codeas the alternate authorization mechanism. If the buyer did choose toreceive an authorization code, then the Web browser 64 on the buyercomputer is sent an authorization code entry form in a block 1415 andthe authorization code is sent to an authentication device in a block1420. Exemplary authentication devices 2800 or 2900 are shown in FIGS.28 and 29 respectively. After receiving the authorization code, thebuyer enters the code in the authorization code entry form in a block1425.

If however at block 1405 the buyer decides not to request anauthorization code, then from block 1410 the logic flows to a block 1450where an interactive authentication Web form 3000 is sent to the Webbrowser 64 on the buyer's computer 50. An exemplary interactiveauthentication Web form 3000 is shown in FIG. 30. Next in a block 1455the buyer completes the interactive authentication Web form 3000.

Next, the completed authorization entry form from block 1425 or 1455 istransmitted to the commerce gateway 52 in a block 1430. The logic thenproceeds to a block 1435 where it is determined whether theauthentication was successful. If the authentication was successful thelogic ends at a block 1498 returning a successful authentication. If theauthentication was unsuccessful the logic ends at a block 1499 returningan unsuccessful authentication.

Returning to FIG. 13 the logic then moves to a block 256 where theinformation from the alternate authentication process is passed backthrough the buyer authenticator 65 and the logic ends at block 262. Ifthere is no digital certificate installed (“No” in decision block 246)and certificate not present processing is not going to be performed, forexample by a user selecting “cancel” 3010 in the certificate not presentauthorization Web page 3000 shown in FIG. 30 (or “No” in decision block252), the buyer likely does not have a virtual payment account.Accordingly, the logic of FIG. 13 proceeds to a decision block 258 wherea test is made to determine if the buyer wishes to apply for a virtualpayment account. If the buyer wishes to apply for a virtual paymentaccount, the logic proceeds to a block 260, in which the buyer isallowed to apply for a virtual payment account as shown in FIG. 15 anddescribed next. Otherwise, the buyer authenticator 65 returns anunsuccessful authorization message to the Web browser 64 in a block 261and the logic ends in block 262.

FIG. 15 illustrates the logic implemented by the Web browser 64 when abuyer applies for a virtual payment account. It will be appreciated thatapplying for a virtual payment account can be invoked by a buyerrequesting an account directly from the commerce gateway 52 or by abuyer who is not registered attempting to order a product from aregistered seller. In either case, the logic for applying for a virtualpayment account via a Web browser 64 begins in a block 270 and proceedsto a block 272 where a request for an application form is received bythe Web browser 64. Next in a block 273, the request for an applicationform is sent to the Web server component 87 of the commerce gateway 52,The requested application form is then received from the Web servercomponent 87 of the commerce gateway 52 and displayed in the buyer's Webbrowser in a block 274.

Next, in a block 275, the completed account application form is sent tothe commerce gateway 52 and processed by an enrollment server component89 as shown in FIG. 16, and described next. In another embodiment, theaccount application is sent to the transaction server component 84 thathandles financial transactions and also handles non-financialtransactions, such as enrollment.

The logic of the enrollment server 89 shown in FIG. 16 begins in a block280 and proceeds to a block 282 where a completed application form isreceived from the Web browser. Next, in a block 283 identityinformation, such as name, employer, current residence, etc., isrequested from an identity bureau 56 via the identity bureau adapter 79whose logic is shown in FIG. 27 and described next.

Accordingly, the logic of FIG. 27 begins in a block 2705 and proceeds toa block 2710 where the identity request is received. The request is thenformatted to be compatible with the particular identity bureau in ablock 2715. Next, the logic proceeds to a block 2720 where the formattedrequest is then sent to identity bureau 56. The result of the request isreceived from the identity bureau in a block 2725. Next, in a block2730, the result is then returned to requester. The logic of FIG. 27then ends in a block 2735.

Returning to FIG. 16, if in a block 284, which in this case is theenrollment server 89, it is determined that the identity informationreceived from the identity bureau 56 via the identity bureau adapter 79corresponds to the information in the application received in block 282,then processing continues to a block 285 where the enrollment serverrequests credit information, such as income, length of time with currentemployer, length of time at current residence, etc., from a creditbureau 58 via the credit processing server adapter 86 as shown in FIG.21 and described later with reference to a purchase authorizationrequest.

Upon receipt of the credit information, the logic proceeds to a block286 where the application is scored based on the identity bureauinformation and credit bureau information in combination with internalcriteria. The internal criteria provide a score for the various piecesof credit information. For example, incomes will be broken down intoranges, with a point value assigned to each range. Similarly, pointvalues will be assigned based on the time the applicant has lived at hisor her current residence, etc. The points for each piece of creditinformation are combined to determine a score for the applicant. Thescore equates to the credit worthiness of the buyer and is used todetermine if the applicant will receive a credit account, or if thescore falls in an intermediate range, a prepaid account, and if so, toestablish a credit limit for the applicant, i.e., buyer. Next, if thescore is above a threshold logic ends with a successful enrollmentresult returned to the Web browser in a block 288. However if the scoreis below a certain threshold or if the identity information provided bythe identity bureaus 56 does not correspond to that of the buyer'sapplication, then an unsuccessful result is returned in a block 289.Processing then returns to FIG. 15.

In FIG. 15, once a response is received from the enrollment server 89 ablock 265 examines whether an account was created. If it was, then arequest is sent to the buyer computer 50 to generate a public keyencryption pair in block 267 and to submit the public key to theenrollment server 89 on the commerce gateway 52. The enrollment serverthen signs the public key to create a digital certificate and returns asuccessful enrollment Web page 620, as shown in FIG. 8E, which isreceived in a block 276 along with the digital certificate in a block278. If at block 265 it was determined that an account was not createdthen an unsuccessful application Web page is displayed (not shown) at ablock 266. In the case of applying for a virtual payment account, theresult page 620 provides details of the new account for the buyer, orcontains a message informing the buyer that there was an error creatingthe account. The logic of FIG. 15 of applying for a virtual paymentaccount then ends in a block 279 and processing returns to FIG. 13.

Referring again to FIG. 13, after the buyer has applied for a virtualpayment account, the logic returns to decision block 246 where the testto determine if a digital certificate is installed on the buyer computer50 is repeated. Depending on the results of decision block 246, eitherblocks 248-250 or blocks 252-256 are repeated for the recent applicantof a virtual payment account. The logic then ends in a block 262.

While the logic of authenticating a buyer as shown in FIG. 13 anddescribed herein uses a digital certificate as the primary means forauthenticating a buyer, it will be appreciated that other methods arepossible. For example, a lesser level of security could be employed,whereby a user could be required to enter identifying information, suchas the information entered in alternate authentication shown in FIG. 14.Alternatively, a greater degree of security could be employed whereby adigital certificate is required, and “certificate not present”processing is not allowed. Or, an even greater level of security couldbe used requiring a digital signature and other verifying informationfrom the buyer.

Returning to FIG. 12, after buyer authentication is completed in block224, the logic proceeds to a decision block 226, where a test is made todetermine if the buyer authentication was successful. If not, the logicproceeds to a block 227 where an error message is displayed on the buyercomputer 50 by the Web browser 64 notifying the buyer of the failedauthentication. The logic of FIG. 12 ends in a block 242.

However, if the buyer was successfully authenticated, the logic proceedsto a block 228 where a virtual payment account selection Web page 1170as shown in FIG. 11B is displayed. Included in the requested informationof the virtual payment account selection Web page 1170 is anidentification of the applicable account or sub-account to which thepurchase should be applied. Next, in a block 230, sub-account andpassword information (used to unlock the buyer's digital certificate)are obtained from the buyer from the information entered in the virtualpayment account selection Web page 1170 of FIG. 11B when the buyerindicates that the information has been entered by selecting “Continue”1177. The logic of FIG. 12 then proceeds to a block 232 where thesub-account, and an authentication container are sent to the commercegateway 52 and processed by the account identification containergenerator 88 shown in FIG. 17 and described next.

The logic of FIG. 17 begins in a block 800 and proceeds to a block 802where the sub-account and authentication container are received from Webbrowser 64 of the buyer computer 50. The logic then proceeds to a block804 where an internal account identification associated withauthentication container is determined. An empty account identificationcontainer is then created in a block 806. Next, in a block 808, internalaccount identification and sub-account information is added to the emptyaccount identification container. The logic then proceeds to a block 810where an internal digital signature is applied to the accountidentification container. For example, message digest logic can be usedby applying an algorithm that takes a variable length message andproduces a fixed length digest as output using a one-way hashingalgorithm that establishes the message as cryptographically secure.Finally, the account identification container is returned to the Webbrowser 64 in a block 812. The logic of FIG. 17 then ends at a block814, and processing returns to FIG. 12.

Returning to FIG. 12, after the sub-account and authentication containerare sent to the commerce gateway 52, the logic then proceeds to a block234 where the logic waits to receive the account identificationcontainer from the account identification container generator component88 of the commerce gateway 52. Once the account identification containeris received from the commerce gateway 52, the logic proceeds to a block238 where a purchase request is sent to the commerce engine 75 in theform of a request and account identification container for processing asshown in FIG. 18 and described next.

The commerce engine 75 is the component of the seller server 51 thatdetermines whether or not the order will be processed and whether therequested product will ultimately be provided to the buyer. It will beappreciated that commerce engines are well known in the art. Thecommerce engine component 75 used in conjunction with the commercegateway adapter component 76 allows the virtual payment system of thepresent invention to expand existing technology that is currently usedfor traditional credit systems to encompass the virtual payment accountof the present system. It will be further appreciated that while theembodiment shown and described modifies the commerce engine to achievethis functionality (which may be possible through existing API calls ofthe commerce engine), other embodiments are possible. This expandedcommerce engine functionality is shown in FIG. 18.

The logic of FIG. 18 begins in a block 300 and proceeds to a block 302where a purchase request and account identification container arereceived from the Web browser 64 of the buyer computer 50. The logicthen proceeds to a decision block 304 where a test is made to determinewhether the purchase request should be forwarded to the commerce gatewayadapter 76. If the purchase request is to purchase products using avirtual payment account, the request should be forwarded to the commercegateway adapter 76 for processing in accordance with the virtual paymentsystem of the present invention. In another embodiment, only the request(without the account identification container) is received from the Webbrowser in block 302, and if it is determined in decision block 304 thatthe purchase request should be forwarded to the commerce gateway adapter76, the account identification is then obtained from the Web browser 64.In either case, if it is determined in decision block 304, that thepurchase request should be forwarded to the commerce gateway adapter 76,the logic proceeds to a block 306 where the request is forwarded to thecommerce gateway adapter. The commerce gateway adapter 76 is shown inmore detail in FIG. 19 and described next.

The commerce gateway adapter 76 is a component residing on the sellerserver 51 that allows the seller server to communicate directly with thetransaction server component 84 of the commerce gateway 52 in order toexpand the authorization function of the commerce engine 75 to includevirtual payment account transactions. Accordingly, the logic of FIG. 19begins in a block 330 proceeds to a block 332 where the forwardedpurchase request and account identification container are received fromthe commerce engine 75. Next, in a block 334 the purchase request andaccount identification container are sent to the transaction server 84in the form of a transaction request for further processing as shown inFIG. 20 and described next.

The transaction server component 84 of the commerce gateway 52 isresponsible for interfacing with the other components of the system anddetermining whether or not a requested transaction should be applied toa buyer's virtual payment account. The logic of FIG. 20 begins in ablock 350 and proceeds to a block 352 where the transaction request isreceived. Next, in a block 353 the account identification container isdecoded and verified. The origin or source of the request as well as thecontext, i.e., date and time, of the request are then recorded in memory83 of the commerce gateway 52 in a block 354. Next, the logic proceedsto a decision block 356 where a test is made to determine whether therequested transaction is permissible. A variety of factors can beconsidered in making the determination of whether a requestedtransaction is permissible. For example, spending limit cannot beexceeded, and user-imposed limitations, such as those put on a youngshopper account, e.g., sites from which the young shopper can makepurchases and hours during which the young shopper can make purchases asshown in FIG. 9C, cannot be violated.

If the transaction is not permissible, the logic proceeds to a block 357where an impermissible transaction message is sent to the requester(e.g., the commerce gateway adapter 76 in the context of a purchaserequest). The logic of FIG. 20 then ends in a block 376. If, however,the transaction is permissible, the logic proceeds from decision block356 to a block 360 where the transaction request is sent to a creditprocessing server adapter 86 for further processing as shown in FIG. 21and described next.

The credit processing server adapter 86 is the component residing on thecommerce gateway 52 that allows commerce gateway 52 components, such asthe transaction server 84 and the enrollment server 89 to communicatedirectly with the various sub-systems of the credit processing server53, which provide for the application of the requested transaction tothe buyer's actual payment account. Accordingly, the logic of FIG. 21begins in a block 380 and proceeds to a block 382 where the request isreceived. For example, a purchase authorization request or a refundrequest is received from the transaction server 84 and a creditinformation request is received from the enrollment server 89. Therequest is then formatted to be compatible with the appropriate creditprocessing sub-system, i.e., the account/billing sub-system 94, thepayment processing sub-system 95 and/or the account enrollmentsub-system 96, on the credit processing server 53 in a block 384. Next,the logic proceeds to a block 386 where the formatted request is thensent to credit processing server 53 for processing by the appropriatecredit processing sub-system, as shown in FIG. 22 and described next.

For any credit processing sub-system, the logic of FIG. 22 begins in ablock 390 and proceeds to a block 392 where the transaction request isreceived from the credit processing server adapter 86. Next, accountdata and sub-account data are retrieved in blocks 394 and 396,respectively from the appropriate database, e.g., account database 97and financial database 98. Standard credit transaction processing isthen performed in a block 398. Examples of standard transactions for theaccount/billing sub-system 94 include: creating and maintainingaccounts, including holding account information and account holderinformation, such as name and address; calculating interest; calculatingminimum monthly payments; generating electronic monthly statements; andcalculating other charges, known as discounts. The discount is theportion of the transaction amount that will go to the provider of thecommerce gateway 52, and can be determined on a fixed amount pertransaction basis, or a percentage of transaction amount basis. Examplesof standard transactions for the payment processing sub-system 95include: collecting payments from buyers and applying the payments tothe buyer's account; transferring funds between sellers and buyer, forexample by interfacing with financial institutions 59 for ACHtransactions. Examples of standard transactions for the accountenrollment sub-system include: obtaining credit information from creditbureaus; providing the credit information to the commerce gateway 52 forscoring; determining a credit score based on the credit information andproviding the score to the commerce gateway; and providing scoringinformation to the account/billing sub-system 94 for account creation.

The logic then proceeds to a block 399 where necessary accountadjustments are applied, if applicable. For example, the account balancewill be reduced by the amount of an authorized purchase transaction. Inone embodiment of the present invention, reward points are accrued atthe time of purchase, but committed later, for example during theperiodic, e.g., monthly, statement preparation process. Alternatively,reward points may not accrue until payment is made for the product towhich the points are attributed. Next, the transaction result, such asthe credit information or the purchase authorization, is sent to thecredit processing server adapter 86 in a block 400. The logic of FIG. 22then ends in a block 402 and processing returns to FIG. 21.

Returning to FIG. 21, the result of the transaction request is receivedfrom the credit processing sub-system 94, 95 or 96 in a block 387. Next,in a block 388, the result is then returned to requester, e.g., theresult of a purchase authorization request is returned to thetransaction server 84 and credit information, for example, a creditlimit, is returned to the enrollment server 89 in response to requestfor a credit information request to be used for establishing a buyer'saccount. The logic of FIG. 21 then ends in a block 389 and processingreturns to the requester, e.g., transaction server 84 (FIG. 20) orenrollment server 89 (FIG. 16).

Returning to FIG. 20, once the transaction server receives the responseto its transaction request, e.g., authorization result of a purchaserequest, from the credit processing adapter in a block 363, the logicproceeds to a block 364 where the transaction record, for examplepurchase information including amount of purchase, is stored in memory83 of the commerce gateway 52. The logic then proceeds to a decisionblock 366, where a test is made to determine if the transaction wassuccessfully processed. If so, the logic proceeds to a block 370 where atransaction response with a valid status is then sent to the requester(e.g., the commerce gateway adapter 76 or the Web browser 64, whicheverthe case may be). If the transaction was not successfully processed, thelogic proceeds from decision block 366 to a block 374 where atransaction response with an error status is then returned to therequester in a block 376.

After a valid transaction response 370, an error transaction response374, or an impermissible transaction response 357 is sent to therequester, the logic of FIG. 20 ends in block 376 and processing returnsto the requester. In the case of a purchase request, the requester isthe commerce gateway adapter 76. In one exemplary embodiment, a recordof all transactions is stored in the financial database 98.

Returning to FIG. 19, after the response to the purchase request made bythe commerce gateway adapter 76 is received from the transaction serverin a block 336, the logic proceeds to a block 338 where the responseincluding the transaction status is formatted to be compatible with thecommerce engine 75. The formatted response is then forwarded to thecommerce engine in a block 340. The logic of FIG. 19 then ends in ablock 342 and processing returns to the commerce engine 75 in FIG. 18.

Returning to FIG. 18, once a response is received by the commerce engine75 from the commerce gateway adapter 86 in a block 308, the authorizedand ordered product is shipped to the buyer in a block 310. It will beappreciated by those of ordinary skill in the art that if the orderedproduct is capable of being downloaded, e.g., the product is anelectronically stored good, a URL for a premium content Web site, etc.,the product will simply be transferred by the seller server 51 to thebuyer computer 50. Otherwise, the product will be shipped or provided bymore traditional methods, e.g., regular mail, hand delivery, etc. Onceshipment is complete, the logic then proceeds to a block 312 where asettlement request is sent to the commerce gateway 52 in order toinitiate movement of funds. In an actual embodiment of the presentinvention, the seller submits the transaction into a settlement batchfor payment when the settlement batch for that seller is next processed.The timing of the processing could be that night or at a later datebased on the contract, i.e., terms of the purchase transaction. FIG. 41illustrates an exemplary Web page 4100 for designate when batches shouldbe processed. Settlement transactions are described in FIG. 24 in moredetail below with reference to FIG. 24.

Returning to FIG. 18, in a block 314, a response confirming fulfillmentof the order is sent to the Web browser 64 of the buyer's computer 50.The logic of FIG. 18 then ends in a block 324.

However if at decision block 304, it is determined that the purchaserequest should not be forwarded to the commerce gateway 52; the logicproceeds to a block 316 where standard commerce engine processing isperformed. More specifically, in block 316 traditional credit or debitcard authorization is performed such as approval or denial for the useof a credit card, e.g., VISA® or MASTERCARD®, for the specified purchaseamount. Next, the authorized goods are shipped in a block 318. The logicthen proceeds to a block 320 where a settlement request is sent to thetraditional credit provider, e.g., VISA® or MASTERCARD®. A responseconfirming fulfillment of the order is then sent to the Web browser 64of the buyer computer 50 in a block 322. The logic of FIG. 18 then endsin block 324 and processing returns to FIG. 12.

Returning to FIG. 12, once the Web browser 64 of the buyer computer 50receives a response to its purchase request in a block 240, the logicproceeds to a block 241 where an order confirmation Web page 1190 isdisplayed as shown in FIG. 11E. The logic of FIG. 12 then ends in block242.

FIG. 23 is a diagram illustrating the actions taken by the buyer'scomputer 50, the seller server 51 and the commerce gateway 52 forordering products using a virtual payment account system. This diagrampresents a high-level view of the detailed processing shown in the flowcharts described above. In response to an inquiry into purchasing aproduct 2305, a seller returns a purchase offer 2310 to the buyer'scomputer 50. At this point, the buyer has the option of beginning thepurchasing process as shown in FIG. 12. To continue the buyerauthenticator 65 checks to see which credentials, e.g. certificates, areavailable to the buyer and selects all available credentials to be usedby the commerce gateway 2315 to authenticate the buyer. The buyercomputer 50 then requests a list of all accounts or sub-accounts 2320for these credentials from the commerce gateway 52. The commerce gateway52 returns only those accounts that are usable by the buyer 2325 usingthe selected credentials. The buyer computer 50 then generates apurchase confirmation 2330 using one of the accounts on the listreturned from the commerce gateway 52. Buyer computer 50 then sends thepurchase confirmation 2335 to the seller server 51. The seller server 51requests authorization 2340 from the commerce gateway to verify that thepurchase confirmation is valid. The commerce gateway then returns anauthorization 2350 that the purchase confirmation is valid. The sellerserver 51 may then notify 2355 the buyer computer 50 that the purchaseconfirmation was authorized. The seller server then prepares thepurchase for delivery 2360. At this point, the seller may request asettlement transaction 2365 from the commerce gateway 52, which wouldthen provide a settlement transaction 2370 back to the seller server 51.The seller server 51 may then notify 2375 the buyer computer 50 ofdelivery details. Finally, the good(s) or service(s) that the buyerpurchased are delivered 2380.

If the seller is an auction Web site, the authorization 2340 sent by thecommerce gateway 52 to the seller server 51 includes information such asa buyer account identification, a seller identification, a seller saleoffering, a buyer authentication, a seller authentication, and a masteridentification, i.e., identification of the commerce gateway 52provider. Particular to this type of response is an expiration date/timethat is used to signal the shorter of the maximum times that the buyerand the seller are willing to “reserve” funds associated with thistransaction. If the transaction, i.e., settlement request 2365, is notreceived by the commerce gateway 52 before the expiration date/time ofthe transaction, the products and/or funds will be released back totheir owners. At a later time, once the buyer has committed to thepurchase, the buyer releases an authorization to the provider of thecommerce gateway 52 knowing that the seller has proven ability to shipthe products on demand without delay. This initiates the actualsettlement of funds and triggers payment to the seller in the nextsettlement batch, without any further interaction with the seller. Thispayment method supports buyer-initiated, pre-approved purchases withexpiration date/time, such as auction and gift-certificate purchases.

It will be appreciated that FIG. 23 illustrates processing of a validpurchase transaction. If there is an error at any time during theprocessing, e.g., buyer is not authorized because he or she is not aregistered buyer, has exceeded his or her spending limit, etc.,processing will terminate after an appropriate error response has beenreturned to the buyer computer 50 for display to the buyer via the Webbrowser 64.

Settlement Transaction

When a seller establishes a seller account, a contract is formeddefining the relationship between the seller and the commerce gatewayprovider. That contract defines the terms, such as when payments will befunded and what fee shall be given to the commerce gateway provider. Thecommerce gateway fee can be a per transaction fee or a percentage feebased on the amount of a transaction. The logic for settlementtransactions for a virtual payment account is similar to the logic usedfor processing standard credit card settlement transactions. After theseller ships the product, the seller sends a settlement transaction tothe commerce gateway 52 as shown in FIG. 24. It will be appreciated thatthe logic performed by the seller server 51 can be performed by thecommerce engine component 75, or some other component, for example, aWeb browser (not shown) residing on the seller server 51.

FIG. 24 illustrates the logic implemented by seller server 51 when theseller wishes to perform a settlement transaction. The logic begins in ablock 530 and proceeds to a block 532 where a secure connection betweenthe seller computer 51 and commerce gateway 52 is established, using thesame logic shown and described with reference to the buyer in block 222of FIG. 12. The logic then proceeds to a block 534 where the sellerauthenticator process is run. The seller authenticator process issimilar to the buyer authenticator process shown in FIG. 13 anddescribed above. Next, in a decision block 536 a test is made todetermine if the seller is a registered participant (i.e., seller'sdigital certificate was issued by the commerce gateway provider,seller's digital certificate has not expired and seller's digitalcertificate has not been revoked). If not, the logic proceeds to a block538 where a seller authentication error message is displayed on theseller server display 72, for example, via a Web browser. The logic ofFIG. 24 then ends in a block 548.

If the seller authenticator process is successful, the logic proceedsfrom decision block 536 to a block 544 where a settlement request issent to the transaction server 84 on the commerce gateway 52. As shownand described in FIG. 25, the transaction server 84 forwards the requestto the credit processing server adapter 86, which in turn forwards thetransaction request to the appropriate credit processing sub-system. Inthe case of a settlement transaction request, the payment processingsub-system 95 processes the transaction. The payment processingsub-system forwards the settlement request to the financial institution59. The financial institution funds the transactions into the commercegateway provider's account. The commerce gateway provider takes itspercentage and pays the sellers their portion. The financial institution59 waits for their billing cycle, e.g., monthly, and then charges thebuyers for their purchases plus interest charges. The financialinstitution waits for the buyer payments. If the buyer does not pay,standard late payment processing, such as late notices, finance charges,etc. is performed.

The logic of FIG. 25 begins in a block 2505 and proceeds to a block 2510where the settlement request is received. The origin or source of thesettlement request as well as the context, i.e., date and time, of therequest are then recorded in memory 83 of the commerce gateway 52 in ablock 2515. Next, the logic proceeds to a decision block 2520 where atest is made to determine whether the requested settlement ispermissible. A variety of factors can be considered in making thedetermination of whether a requested settlement is permissible. Somefactors might include a settlement request for a transaction that didnot have a purchase confirmation from a buyer, that had a purchaseconfirmation from a buyer whose account did not hold sufficient funds,for an auction settlement whose time had expired or whose credentialswere no longer valid. It will be appreciated that yet other factors maycause a settlement transaction to be impermissible. If the transactionis not permissible, the logic proceeds to a block 2560 where animpermissible settlement request message is sent to the requester, i.e.,the seller, in this case. If, however, the transaction is permissible,the logic proceeds from decision block 2520 to a block 2525 where thetransaction request is sent to a credit processing server adapter 86 forfurther processing as shown in FIG. 21 and described above. Continuingin FIG. 20, once the transaction server receives the response to itstransaction request, e.g., authorization result of a settlement request,from the credit processing adapter in a block 2530, the logic proceedsto a block 2535 where a transaction record, for example purchaseinformation including amount of purchase, is stored in memory 83 of thecommerce gateway 52. The logic then proceeds to a decision block 2540,where a test is made to determine if the transaction was successfullyprocessed. If so, the logic proceeds to a block 2545 where a transactionresponse with a valid status is then sent to the requester, i.e., theseller in this case. If the transaction was not successfully processed,the logic proceeds from decision block 2540 to a block 2555 where atransaction response with an error status is then returned to therequester.

After a valid transaction response 2545, an error transaction response2555, or an impermissible transaction response 2560 is sent to therequester, the logic of FIG. 25 ends in block 2550 and processingreturns to the requester.

Referring back to FIG. 24, after the transaction server 84 has processedthe settlement transaction and provided the results of the settlementtransaction to the seller's computer 51, the result of the settlementtransaction is displayed on the seller's display 73, for example, viathe seller server's Web browser. The logic of FIG. 24 then ends in block548.

Refund Transaction

FIG. 26 illustrates the logic implemented by the present invention whena refund transaction is initiated, for example, when a buyer disputes acharge on his or her virtual payment account. As with any paymentdispute, it must be determined whether the buyer will receive all or aportion of the disputed amount. This process is external to the virtualpayment system of the present invention. The determination of whetherthe dispute has merit is determined by the seller. If the sellerdetermines that the dispute has merit, the seller notifies a customerservice representative and a refund transaction is initiated. In theembodiment shown in FIG. 26 and described herein, if it is determinedthat an amount disputed by a buyer is subject to a refund, a customerservice representative initiates the refund, or chargeback transactionvia the administrative computer 54 shown in FIG. 2. In one actualembodiment, the administrative computer is a “dumb terminal” by whichthe customer service representative enters information directly into thetransaction server 84 on the commerce gateway 52. In another embodiment,the administrative computer may have a Web browser that allows theadministrator to enter the information using Web pages available only onthe LAN 44 behind the firewall 55, i.e., the buyer and seller do nothave access to these administrative Web pages.

Referring to FIG. 26, the logic begins in a block 550 and proceeds to ablock 552 where the refund information including account, sub-accountand amount is obtained. The refund transaction information is then sentto the transaction server 84 by the administrative computer 54 in ablock 554 in the form of a refund request. Transaction server 84processing is shown and described with reference to FIG. 20.

As also noted above, in processing the refund request, the transactionserver 84 will forward a transaction request to the credit processingserver 53 for processing by the account/billing sub-system 94 as shownin FIG. 22. A refund applied to a buyer's virtual payment account causesthe buyer's balance to decrease by the amount of the payment. Stillreferring to FIG. 26, after the transaction server 84 has processed therefund transaction, the result of the transaction processing is receivedand displayed by the administrative computer 54. The logic of FIG. 26then ends in a block 558. Unlike the purchase transaction, the refundtransaction is not initiated by the buyer via the Web browser 64;therefore, the buyer is notified by other means, for example by sendingan e-mail message to the buyer's computer 50. It will also beappreciated that in yet other embodiments of the present invention, theseller server 51 may initiate the refund request as opposed to theadministrative computer 54.

Buyer Account Management

Other transactions normally associated with an account such as astandard credit card account are also applicable to the virtual paymentaccount of the present invention. FIGS. 10A-10C illustrate some examplesof Web pages used by a buyer with a virtual payment account. Processingof these transactions is similar to other transaction processing asillustrated in flow diagrams and described above, and therefore will notbe discussed in further detail herein. FIG. 10A illustrates a Web page660 containing details of a primary account 632 along with sub-accounts634. FIG. 10B illustrates an exemplary Web page 665 summarizing thesub-accounts for a master account 634. FIG. 10C illustrates atransaction summary Web page 670 for the sub-accounts for a given masteraccount.

Seller Reports

It is often desirable for seller's to have detailed reports available tojudge the current state of their business. Accordingly, the presentinvention maintains records of transactions in readily retrievableformats. It is also desirable that competitors not have access to thesame reports on the details of a seller's business. Accordingly, thepresent invention provides for secure authenticated access to a seller'sreports. FIG. 42 illustrates the logic for generating seller reports.The logic starts at a block 4201 and proceeds to a block 4210 thatestablishes a secure connection between the seller computer 51 and thecommerce gateway 52. The logic then proceeds to a block 4215 where theseller is authenticated much as the buyer authenticator illustrated inFIG. 13. The flow continues to a block 4220 where a test is performed tosee if the seller has been authenticated. If the authentication wassuccessful, the logic continues to a block 4225 where the sellerrequests the transaction server 84 to generate a report. At a block 4230the transaction server retrieves relevant information and generates areport, which in a block 4235 is received by the seller computer forviewing by the seller. The logic ends in a block 4299.

In one actual embodiment of the present invention, the commerce gateway52 requests report information from the credit processing server 53, inparticular from the financial database 98 stored on the creditprocessing server. It will be appreciated by those of ordinary skill inthe art, that a financial database may be used to store information forreport generation, yet may also store information relevant for otherpurposes.

FIGS. 31, 33, 35, 37, and 39 illustrate exemplary Web pages 3100, 3300,3500, 3700, and 3900 illustrating exemplary reports available to aseller. FIG. 31 shows an exemplary Web page 3100 with a graph chartingthe number of sales occurring each month during a year-long period. FIG.33 shows an exemplary Web page 3300 with a table indicating the statusand information on particular orders received. FIG. 35 shows anexemplary Web page 3500 with a table listing transactions that havealready been processed for each order, and the result of thatprocessing. FIG. 37 shows an exemplary Web page 3700 with a tablelisting item sales and along with relevant statistics such as number ofunits sold, what percentage of units have been sold and what percent ofoverall sales does that item account for. FIG. 39 shows an exemplary Webpage 3900 with a table listing transactions that have yet to beprocessed and are still wait for the next batch of transaction to berun.

FIGS. 32, 34, 36, 38, and 40 illustrate exemplary Web page forms 3200,3400, 3600, 3800 and 4000 for customizing seller reports.

While the preferred embodiment of the invention has been illustrated anddescribed, it will be appreciated that various changes can be madetherein without departing from the spirit and scope of the invention.For example, it will also be appreciated that there are othertransactions applicable to a virtual payment account of the presentinvention, e.g., account closure, credit limit modification, overdueaccount notification, etc. It will be appreciated that thesetransactions can be initiated by various components of the system, forexample a financial institution may institute a change in a credit limitby sending a request to one of the sub-systems on the credit processingserver. One of ordinary skill in the art will recognize that therequests for such transactions are processed by the virtual paymentsystem of the present invention in a manner similar to the processing ofthe purchase settlement, and refund transactions described in detailabove.

We claim:
 1. A method for purchasing an item offered for sale from anetwork server by an electronic device of a user using a virtual paymentaccount, the network server including a database containing informationregarding items offered for sale, the method comprising: establishing,by a commerce server, a secure connection with an electronic device ofthe user, the commerce server being operable to serve a plurality ofnetwork servers, including the network server, wherein the electronicdevice is used by the user when purchasing the item offered for salefrom the network server; receiving, by the commerce server, anauthentication request from the electronic device via the secureconnection, wherein the authentication request comprises one or morecredentials purported to identify the user as a registered holder of oneor more virtual payment accounts maintained by the commerce server, eachcredential comprising a digital certificate generated by the commerceserver using a public key of an encryption key pair generated by anauthenticator downloaded to the buyer computer from the commerce serverupon approval of a virtual payment account by the commerce platform, thevirtual payment account associated with the digital certificate, and thedigital certificate is generated by the commerce server by signing thepublic key to form the digital certificate, and each credential storedin a container at the electronic device, the container generated duringapproval of the virtual payment account by the commerce server; inresponse to the commerce server receiving the authentication request,determining by the commerce server whether a valid virtual paymentaccount maintained by the commerce server is associated with the userbased on account identification information within one or more of thecredentials for which the commerce server verified the digital signatureof the commerce server within the one or more of the credentials; inresponse to the commerce server determining that a valid virtual paymentaccount is associated with the user based on verification of the digitalsignature of the commerce server within one or more of the credentials,returning account identification information to the electronic devicethat identifies at least the valid virtual payment account, wherein theaccount identification information is usable to purchase the itemoffered for sale from the network server using the valid virtual paymentaccount that is determined to be associated with the user based on theone or more electronic device credentials; in response to the networkserver receiving an order to purchase the item and the accountidentifier from the electronic device, and the commerce server receivinga request for purchase authorization from the network server includingthe account identifier, sending a valid transaction authorization by thecommerce server to the network server; and in response to the networkserver receiving the valid transaction authorization, completing thepurchase of the item.
 2. The method defined in claim 1 furthercomprising, in response to the network server requesting purchaseauthorization from the commerce server, the commerce server: determiningwhether the virtual payment account may be charged for purchase of theitem; and in response to determining that the virtual payment accountmay be charged for the purchase of the item, transmitting the validtransaction authorization to the network server.
 3. The method definedin claim 1 wherein the virtual payment account comprises a main accountand at least one sub-account.
 4. The method defined in claim 1 furthercomprising returning the container to a web browser running on theelectronic device.
 5. The method defined in claim 1 wherein the commerceserver is operable to interface with one or more credit processingservers in order to authorize and settle item purchases using virtualpayment accounts maintained by the commerce server.
 6. The methoddefined in claim 1 wherein completing the purchase of the item comprisesthe seller computer providing the item to a buyer associated with theelectronic device and requesting payment from the commerce server. 7.The method defined in claim 1 wherein the account identificationinformation is obtained in response to retrieving information from asecure token.
 8. The method defined in claim 1 wherein the sellercomputer provides the item to the buyer associated with the electronicdevice by downloading the item to the electronic device.
 9. The methoddefined in claim 1 wherein the seller computer provides the item to thebuyer associated with the electronic device by arranging for the item tobe shipped to the buyer.
 10. An article of manufacture having one ormore non-transitory computer readable media storing instructions which,when executed by a commerce server of a network arrangement, cause thenetwork arrangement to perform a method for facilitating purchase of anitem offered for sale from a network server by an electronic device of auser using a virtual payment account, the network server storing an itemoffered for sale database containing information regarding items offeredfor sale, the method comprising: establishing, by a commerce server, asecure connection with an electronic device of the user, the commerceserver being operable to serve a plurality of network servers, includingthe network server, wherein the electronic device is used by the userwhen purchasing the item offered for sale from the network server;receiving, by the commerce server, an authentication request from theelectronic device via the secure connection, wherein the authenticationrequest comprises one or more credentials purported to identify the useras a registered holder of one or more virtual payment accountsmaintained by the commerce server, each credential comprising a digitalcertificate generated by the commerce server using a public key of anencryption key pair generated by an authenticator downloaded to thebuyer computer from the commerce server upon approval of a virtualpayment account by the commerce platform, the virtual payment accountassociated with the digital certificate, and the digital certificate isgenerated by the commerce server by signing the public key to form thedigital certificate, and each credential stored in a container at theelectronic device, the container generated during approval of thevirtual payment account by the commerce server; in response to thecommerce server receiving the authentication request, determining by thecommerce server whether a valid virtual payment account maintained bythe commerce server is associated with the user based on accountidentification information within one or more of the credentials forwhich the commerce server verified the digital signature of the commerceserver within the one or more of the credentials; in response to thecommerce server determining that a valid virtual payment account isassociated with the user based on verification of the digital signatureof the commerce server within one or more of the credentials, returningaccount identification information to the electronic device thatidentifies at least the valid virtual payment account, wherein theaccount identification information is usable to purchase the itemoffered for sale from the network server using the valid virtual paymentaccount that is determined to be associated with the user based on theone or more electronic device credentials; in response to the networkserver receiving an order to purchase the item and the accountidentifier from the electronic device, and the commerce server receivinga request for purchase authorization from the network server includingthe account identifier, sending a valid transaction authorization by thecommerce server to the network server; and in response to the networkserver receiving the valid transaction authorization, completing thepurchase of the item.
 11. The article of manufacture defined in claim 10wherein the method further comprises, in response to the network serverrequesting purchase authorization from the commerce server, the commerceserver: determining whether the virtual payment account may be chargedfor purchase of the item; and in response to determining that thevirtual payment account may be charged for the purchase of the item,transmitting the valid transaction authorization to the network server.12. The article of manufacture defined in claim 10 wherein the virtualpayment account comprises a main account and at least one sub-account.13. The article of manufacture defined in claim 10 wherein the methodfurther comprises returning the account identification container to aweb browser running on the electronic device.
 14. The article ofmanufacture defined in claim 10 wherein the commerce server is operableto interface with credit processing servers in order to authorize andsettle item purchases using virtual payment accounts maintained by thecommerce server.
 15. The article of manufacture defined in claim 10wherein completing the purchase of the item comprises the sellercomputer providing the item to a buyer associated with the electronicdevice and requesting payment from the commerce server.
 16. The articleof manufacture defined in claim 10 wherein the account identificationinformation is obtained in response to retrieving information from asecure token.
 17. The article of manufacture defined in claim 10 whereinthe seller computer provides the item to the buyer associated with theelectronic device by downloading the item to the electronic device. 18.The article of manufacture defined in claim 10 wherein the sellercomputer provides the item to the buyer associated with the electronicdevice by arranging for the item to be shipped to the buyer.